ITL Newsletter March - April 2020

NIST Releases Version 1.0 of the Privacy Framework

NI

Our data-driven society has a tricky balancing act to perform: building innovative products and services that use personal data while still protecting people’s privacy. To help organizations keep this balance, NIST is offering a new tool for managing privacy risk.

NIST released Version 1.0 of the Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management. Developed from a draft version in collaboration with a range of stakeholders, the Framework provides a useful set of privacy protection strategies for organizations that wish to improve their approach to using and protecting personal data. The publication also provides clarification about privacy risk management concepts and the relationship between the Privacy Framework and the Cybersecurity Framework.

CULTIVATING TRUST IN IT AND METROLOGY

FEATURE STORIES

Here is a snapshot of what he had to say: "One of the challenges with defining artificial intelligence (AI) is that if you put 10 people in a room, you get 11 different definitions. It's a moving target. We haven’t converged yet on exactly what the definition is, but I think NIST can play an important role here. What we can't do, and what we never do, is go off in a room and think deep thoughts and say we have the definition. We engage the community. That said, we’re using a narrow working definition specifically for the satisfaction of the Executive Order on Maintaining American Leadership in Artificial Intelligence, which makes us responsible for providing guidance to the federal government on how it should engage in the standards arena for AI."

Criminals sometimes damage their mobile phones in an attempt to destroy evidence. They might smash, shoot, submerge, or cook their phones, but forensics experts can often retrieve the evidence anyway. Now, researchers at NIST have tested how well these forensic methods work. A damaged phone might not power on, and the data port might not work, so experts use hardware and software tools to directly access the phone’s memory chips. These include hacking tools, albeit ones that may be lawfully used as part of a criminal investigation. Because these methods produce data that might be presented as evidence in court, it’s important to know if they can be trusted.

STAFF SPOTLIGHT

Naomi Lefkovitz

ITL Senior Policy Advisor

In the age of advanced computing technology and ever-increasing connectivity with the Internet, personal privacy has become a topic of great importance to individuals in the public and private sectors. Naomi Lefkovitz in ITL's Applied Cybersecurity Division has stepped up to this challenge, and is leading a comprehensive Privacy Engineering Program at NIST. As part of that program, Naomi’s team is developing a comprehensive, world-class suite of tools and best practices to help customers build better privacy programs to protect personally identifiable information. In January, she capped a one-year effort to lead the development of the NIST Privacy Framework which provides a standardized, yet flexible structure for organizations to build, modify, or enhance their privacy programs. In recognition of this extraordinarily impactful effort, Ms. Lefkovitz was recognized by Federal Computer Week and has been selected for its prestigious 2020 Federal 100 award.

LOOKING AHEAD

CONFERENCES & EVENTS

April 8-9, 2020

April 9, 2020

May 27-28, 2020

SUCCESS STORIES

NIST Attends RSAC 2020 Conference

NIST attended the RSAC 2020 Conference in February, along with approximately 40,000 other cybersecurity professionals and enthusiasts. NIST shared details about our work via panels, presentations, workshops, and meetings—and we received lots of great feedback and questions at our booth exhibit on the expo floor. We plan to attend RSAC 2021 and look forward to participating in sessions next year; stay tuned for more information in the coming months.

NOTABLE QUOTES

"A class of personal data considered to be of low value now may have new use in a couple of years."

- Naomi Lefkovitz, ITL, Senior Policy Advisor

“What we can do to help, and the reason that we've prioritized trustworthy AI, is we can provide that foundational work that people in the consumer space need to manage those risks overall."